Filtered by vendor Ninjateam
Filtered by product Filester
Total: 3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-4862 | 1 Ninjateam | 1 Filester | 2023-11-07 | 4.8 Medium | The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. |
CVE-2023-4861 | 1 Ninjateam | 1 Filester | 2023-11-07 | 7.2 High | The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. |
CVE-2023-4827 | 1 Ninjateam | 1 Filester | 2023-11-07 | 8.8 High | The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. |